Hello friends, I am working on some scripts to copy content from a google doc into a lesswrong post. I have found the graphql API and I see there is an Authorization header being sent with an auth token. How can I authenticate with the API and acquire a token?

New to LessWrong?

New Comment
5 comments, sorted by Click to highlight new comments since: Today at 7:08 PM

I would recommend just inspecting a graphql query you send while you are logged in and make a request, using your browsers network tools. Chrome has a great utility of copying any query you sent in a bunch of script-ready formats, like a call to cURL or fetch, including any headers you sent along.

Yes this is what I have been doing so far. I have been able to grab the auth token in this way but I imagine it will expire sooner or later and I was hoping to be able to programatically acquire an auth token. Based on the source in this file it looks like you're using Meteor to manage authentication. For password-based authentication (as opposite to oauth via google/fb/github) are you also using Meteor?

Interestingly, I see the username and a hash of the password being sent to a sockjs endpoint. Does authentication happen via a websocket?!

Yep, all auth currently happens via Meteor. 

We sadly don’t really have any infrastructure set up to hand out programmatic auth tokens, but I think we set the expiration date to something like 5 years, so I don’t think you should run into much of an issue.

And yeah, Meteor generally communicates over websockets. So my guess is that includes the auth part.

It's been awhile since I interacted with the API explicitly (hopefully one of the team members with more context will answer soon), but wanted to leave this handy LW API tutorial for now and see if it happened to help you.